Cyber Resilience

CVE-2025-20929

High

Published: 06 March 2025

Published
06 March 2025
Modified
16 July 2025
KEV Added
Patch
CVSS Score v3.1 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L
EPSS Score 0.0009 26.0th percentile
Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-20929 is a high-severity Out-of-bounds Write (CWE-787) vulnerability in Samsung Notes. Its CVSS base score is 7.3 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203); ranked at the 26.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2025-20929 is an out-of-bounds write vulnerability (CWE-787) in the JPEG image parsing component of the Samsung Notes application, affecting versions prior to 4.4.26.71. Published on 2025-03-06, the issue has a CVSS v3.1 base score of 7.3 (AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L), indicating high integrity impact potential with low requirements for exploitation.

Local attackers with access to the device can exploit this vulnerability by providing a specially crafted JPEG image to Samsung Notes, leading to arbitrary code execution. No user privileges or interaction are required, and the attack complexity is low, making it feasible for unprivileged local users.

Samsung's security advisory for March 2025 (https://security.samsungmobile.com/serviceWeb.smsb?year=2025&month=03) addresses the vulnerability, with the fix available in Samsung Notes version 4.4.26.71. Security practitioners should ensure devices are updated to this version or later to mitigate the risk.

EU & UK References

Vulnerability details

Out-of-bounds write in parsing jpeg image in Samsung Notes prior to version 4.4.26.71 allows local attackers to execute arbitrary code.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1203 Exploitation for Client Execution Execution
Adversaries may exploit software vulnerabilities in client applications to execute code.
Why these techniques?

Out-of-bounds write in JPEG parsing component of client application (Samsung Notes) directly enables arbitrary code execution via crafted image with no user interaction required, mapping to Exploitation for Client Execution.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-20931Same product: Samsung Notes
CVE-2025-20916Same product: Samsung Notes
CVE-2025-21042Same vendor: Samsung
CVE-2025-20918Same product: Samsung Notes
CVE-2025-20922Same product: Samsung Notes
CVE-2025-20915Same product: Samsung Notes
CVE-2025-20914Same product: Samsung Notes
CVE-2025-20919Same product: Samsung Notes
CVE-2025-20917Same product: Samsung Notes
CVE-2025-20921Same product: Samsung Notes

Affected Assets

samsung
notes
≤ 4.4.26.71

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly mitigates the out-of-bounds write vulnerability by requiring timely identification, reporting, and patching of the flaw in Samsung Notes to version 4.4.26.71 or later.

prevent

Implements memory protections such as ASLR and DEP to prevent arbitrary code execution resulting from the out-of-bounds write during JPEG parsing.

prevent

Requires validation of JPEG image inputs to Samsung Notes to detect and reject malformed files that could trigger the out-of-bounds write.

References